/**
 * Returns the entities the current caller is permitted to access.
 *
 * <p>The principal is read once from {@code securityContext}. For each entity, its id
 * (obtained through {@code idFunction}) is passed with the namespace and the requested
 * permission set to {@code doCheckPermissions}; only entities for which that check
 * returns {@code true} are kept.
 *
 * <p>NOTE(review): {@code SecurityContext.getUserPrincipal()} returns {@code null} for an
 * unauthenticated request, and that value is forwarded unchanged. Confirm that
 * {@code doCheckPermissions} denies access for a null principal.
 * NOTE(review): whether the caller needs all of the permissions or any one of them is
 * decided inside {@code doCheckPermissions}, which is not visible here.
 *
 * @param authorizer      authorizer forwarded to the permission check
 * @param securityContext request security context; supplies the principal
 * @param entityNamespace namespace the entity ids belong to
 * @param entities        candidates to filter; must not be {@code null} (it is dereferenced)
 * @param idFunction      extracts the id used for the permission check from an entity
 * @param first           first required permission
 * @param rest            further required permissions, if any
 * @return a new collection holding only the entities that passed the check
 */
public static <T> Collection<T> filter(StreamlineAuthorizer authorizer,
                                       SecurityContext securityContext,
                                       String entityNamespace,
                                       Collection<T> entities,
                                       Function<T, Long> idFunction,
                                       Permission first,
                                       Permission... rest) {
    Principal caller = securityContext.getUserPrincipal();
    EnumSet<Permission> required = EnumSet.of(first, rest);
    return entities.stream()
            .filter(entity -> {
                // The per-entity decision is delegated entirely to doCheckPermissions.
                Long entityId = idFunction.apply(entity);
                return doCheckPermissions(authorizer, caller, entityNamespace, entityId, required);
            })
            .collect(Collectors.toList());
}
/**
 * Lists files, optionally narrowed by the request's query parameters, and returns only
 * those the caller holds READ permission on.
 *
 * <p>There is no role-based shortcut in this method: every listed file goes through
 * {@code SecurityUtil.filter} before it is returned.
 *
 * <p>NOTE(review): the listing is handed to the filter without a null check. Presumably
 * {@code catalogService.listFiles} never returns {@code null}; verify against the service.
 */
@GET
@Path("/files")
@Timed
public Response listFiles(@Context UriInfo uriInfo, @Context SecurityContext securityContext) {
    MultivaluedMap<String, String> queryParams = uriInfo.getQueryParameters();
    boolean listEverything = queryParams == null || queryParams.isEmpty();

    Collection<File> candidates = listEverything
            ? catalogService.listFiles()
            : catalogService.listFiles(WSUtils.buildQueryParameters(queryParams));

    // Drop everything the caller is not allowed to read before building the response.
    Collection<File> readable =
            SecurityUtil.filter(authorizer, securityContext, File.NAMESPACE, candidates, READ);
    return WSUtils.respondEntities(readable, OK);
}
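/**
 * Lists the topologies visible to the caller.
 *
 * <p>Callers holding {@code Roles.ROLE_TOPOLOGY_USER} receive the complete listing; the
 * per-topology READ check is not consulted for them. All other callers receive only the
 * topologies that pass {@code SecurityUtil.filter} with READ.
 *
 * <p>A {@code null} listing from the catalog service is answered with an empty collection.
 * The null check now runs before the filter call: the {@code SecurityUtil.filter} variant
 * that takes an id function dereferences its input, so a null listing presumably failed
 * there for callers without the role before the original trailing null check was reached.
 *
 * <p>NOTE(review): the role-based bypass is recorded at debug level only and the message
 * does not name the principal; confirm that this is enough for the audit trail you need.
 */
@GET
@Path("/topologies")
@Timed
public Response listTopologies(@Context SecurityContext securityContext) {
    Collection<Topology> topologies = catalogService.listTopologies();

    if (topologies != null) {
        boolean topologyUser = SecurityUtil.hasRole(authorizer, securityContext, Roles.ROLE_TOPOLOGY_USER);
        if (topologyUser) {
            LOG.debug("Returning all topologies since user has role: {}", Roles.ROLE_TOPOLOGY_USER);
        } else {
            topologies = SecurityUtil.filter(authorizer, securityContext, NAMESPACE, topologies, READ);
        }
    }

    // Kept from the original: never hand a null collection to the response builder.
    if (topologies == null) {
        return WSUtils.respondEntities(Collections.emptyList(), OK);
    }
    return WSUtils.respondEntities(topologies, OK);
}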
/**
 * Lists topology editor metadata visible to the caller.
 *
 * <p>Callers holding {@code Roles.ROLE_TOPOLOGY_USER} receive every entry. For all other
 * callers each entry is checked for READ in {@code Topology.NAMESPACE} using the id from
 * {@code TopologyEditorMetadata::getTopologyId}, so visibility of an entry follows the
 * caller's READ permission on the topology it refers to.
 *
 * @throws EntityNotFoundException (built via {@code byFilter("")}) when the catalog
 *         service returns {@code null}
 */
@GET
@Path("/system/topologyeditormetadata")
@Timed
public Response listTopologyEditorMetadata(@Context SecurityContext securityContext) {
    Collection<TopologyEditorMetadata> metadata = catalogService.listTopologyEditorMetadata();
    if (metadata == null) {
        throw EntityNotFoundException.byFilter("");
    }

    if (SecurityUtil.hasRole(authorizer, securityContext, Roles.ROLE_TOPOLOGY_USER)) {
        // Role holders skip the per-entity permission check.
        LOG.debug("Returning all topology editor metadata since user has role: {}", Roles.ROLE_TOPOLOGY_USER);
        return WSUtils.respondEntities(metadata, OK);
    }

    Collection<TopologyEditorMetadata> readable = SecurityUtil.filter(
            authorizer, securityContext, Topology.NAMESPACE, metadata,
            TopologyEditorMetadata::getTopologyId, READ);
    return WSUtils.respondEntities(readable, OK);
}
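/**
 * Searches the entities of one namespace that the caller may READ, optionally matching
 * them against {@code queryString}, sorting them, and enriching them with detail.
 *
 * <p>Authorization runs first: the full listing for {@code namespace} is reduced by
 * {@code SecurityUtil.filter} with READ, and matching, sorting and enrichment only ever
 * see the entities that survived that filter.
 *
 * <p>Security-relevant inputs, all taken from the query string of the request:
 * <ul>
 *   <li>{@code namespace} selects both the listing command and the namespace the READ
 *       check is made against. NOTE(review): how {@code listCommand} treats a missing or
 *       unrecognised namespace is not visible here; confirm that it rejects it.</li>
 *   <li>{@code queryString} is compiled as a case-insensitive regular expression. A
 *       malformed pattern makes {@code Pattern.compile} throw
 *       {@code PatternSyntaxException}, and this method does not catch it. A
 *       caller-supplied pattern can also be expensive to evaluate. If regex search is
 *       not a requirement, consider compiling with {@code Pattern.LITERAL}; otherwise
 *       consider bounding the pattern length.</li>
 * </ul>
 *
 * <p>The pattern is compiled once per request rather than once per candidate entity.
 * It is still compiled only when there are entities to search and the query is
 * non-empty, so the conditions under which a bad pattern fails are unchanged.
 *
 * @param sortType    name of the sort criterion, mapped by {@code getSortFieldName}
 * @param desc        sort direction flag, forwarded to {@code compare}
 * @param namespace   entity namespace to search
 * @param queryString optional regular expression; empty or {@code null} matches everything
 * @param detail      when {@code true}, results are passed through {@code enrichCommand}
 * @param latencyTopN forwarded to {@code enrichCommand}
 * @return response carrying the matching, readable entities
 */
@GET
@Path("/search")
@Timed
public Response searchEntities(@javax.ws.rs.QueryParam("sort") String sortType,
                               @javax.ws.rs.QueryParam("desc") Boolean desc,
                               @javax.ws.rs.QueryParam("namespace") String namespace,
                               @javax.ws.rs.QueryParam("queryString") String queryString,
                               @javax.ws.rs.QueryParam("detail") Boolean detail,
                               @javax.ws.rs.QueryParam("latencyTopN") Integer latencyTopN,
                               @Context SecurityContext securityContext) {
    // Authorization first: nothing below sees an entity the caller cannot READ.
    Collection<Storable> storables = SecurityUtil.filter(authorizer, securityContext, namespace,
            listCommand(namespace).get(), READ);

    Collection<Storable> searchResult = new ArrayList<>();
    if (!storables.isEmpty()) {
        String sortFieldName = getSortFieldName(sortType);
        // Compile the caller-supplied pattern once; null means "no text filter".
        final Pattern queryPattern = StringUtils.isEmpty(queryString)
                ? null
                : Pattern.compile(queryString, Pattern.CASE_INSENSITIVE);
        searchResult.addAll(storables.stream()
                .filter(s -> queryPattern == null || matches(s, queryPattern))
                .sorted((s1, s2) -> compare(s1, s2, sortFieldName, desc))
                .collect(Collectors.toList()));
    }

    if (Boolean.TRUE.equals(detail)) {
        // Enrichment runs on behalf of the authenticated user taken from the security context.
        String asUser = WSUtils.getUserFromSecurityContext(securityContext);
        return WSUtils.respondEntities(enrichCommand(namespace, asUser, latencyTopN).apply(searchResult), OK);
    }
    return WSUtils.respondEntities(searchResult, OK);
}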
LOG.debug("Returning all topologies since user has role: {}", Roles.ROLE_TOPOLOGY_USER); } else { topologies = SecurityUtil.filter(authorizer, securityContext, NAMESPACE, topologies, READ);
/**
 * Lists all notifiers, or only those matching the request's query parameters, limited to
 * what the caller may see.
 *
 * <p>Callers holding {@code Roles.ROLE_NOTIFIER_USER} receive the complete listing; the
 * per-notifier READ check is not consulted for them. All other callers receive only the
 * notifiers that pass {@code SecurityUtil.filter} with READ in {@code Notifier.NAMESPACE}.
 *
 * <p>NOTE(review): {@code params} is used without a null check; presumably
 * {@code UriInfo.getQueryParameters()} never returns {@code null} here. Confirm.
 *
 * @throws EntityNotFoundException (built via {@code byFilter} with the parsed query
 *         parameters) when the catalog service returns {@code null}
 */
@GET
@Path("/notifiers")
@Timed
public Response listNotifiers(@Context UriInfo uriInfo, @Context SecurityContext securityContext) {
    MultivaluedMap<String, String> params = uriInfo.getQueryParameters();

    List<QueryParam> queryParams;
    Collection<Notifier> notifiers;
    if (params.isEmpty()) {
        queryParams = new ArrayList<>();
        notifiers = catalogService.listNotifierInfos();
    } else {
        queryParams = WSUtils.buildQueryParameters(params);
        notifiers = catalogService.listNotifierInfos(queryParams);
    }

    if (notifiers == null) {
        throw EntityNotFoundException.byFilter(queryParams.toString());
    }

    if (SecurityUtil.hasRole(authorizer, securityContext, Roles.ROLE_NOTIFIER_USER)) {
        // Role holders skip the per-entity permission check.
        LOG.debug("Returning all Notifiers since user has role: {}", Roles.ROLE_NOTIFIER_USER);
        return WSUtils.respondEntities(notifiers, OK);
    }

    Collection<Notifier> readable =
            SecurityUtil.filter(authorizer, securityContext, Notifier.NAMESPACE, notifiers, READ);
    return WSUtils.respondEntities(readable, OK);
}
LOG.debug("Returning all UDFs since user has role: {}", Roles.ROLE_UDF_USER); } else { udfs = SecurityUtil.filter(authorizer, securityContext, UDF.NAMESPACE, udfs, READ);
LOG.debug("Returning all environments since user has role: {}", Roles.ROLE_ENVIRONMENT_USER); } else { namespaces = SecurityUtil.filter(authorizer, securityContext, Namespace.NAMESPACE, namespaces, READ);
LOG.debug("Returning all service pools since user has role: {}", Roles.ROLE_SERVICE_POOL_USER); } else { clusters = SecurityUtil.filter(authorizer, securityContext, NAMESPACE, clusters, READ);